[CentOS] Security advice, please

Tue Dec 23 13:56:37 UTC 2008
Michael Simpson <mikie.simpson at gmail.com>

On 12/23/08, Anne Wilson <cannewilson at googlemail.com> wrote:
> My LAN is behind a Netgear router, which does NAT.  On the CentOS server I
> have fail2ban running.  This morning my router reported 3 different IPs
> attempting to send UDP packets to port 38950.  Since each address is only seen
> 4-5 times, I presume that fail2ban took over after that.
>
> GRC reports that ports are stealthed (port 143 was open, but is now closed),
> but then:
>

Try www.auditmypc.com or nmap-online.com rather than GRC to look for open ports.


> So, two questions really.  First, what should I be looking for on the router,
> to turn off this 'tracking down' activity?

Maybe your router is sending host / port unreachable ICMP messages.
You could try to see what is actually happening using Wireshark on
another computer from outside your LAN.

>
> Then, I want to read from my own IMAP server when I'm away from home.  Is
> there a better way than opening port 143?
>

SSH tunnelling?
fwknop? (if you want all ports to appear closed)
<http://cipherdyne.org/fwknop/>

mike